Currently the way of retrieving IssueInstant time from the last assertion processed SAMLResponse is possible by (please correct me if there's an easier way):
1) Retrieving the XML string by calling auth.get_last_response_xml()
2) Parsing the XML document from the XML string using xml_utils.to_etree()
3) Querying the last Assertion using xml_utils.query()
4) Parsing the SAML2 timestamp using parse_SAML_to_time()
Implementing get_last_assertion_issue_instant() replaces the four calls above with one.
Why retrieve IssueInstant?
There is an odd case where an IdP can send no notOnOrAfter within Conditions or SubjectConfirmationData in an Assertion, as these parameters are both optional. IssueInstant on the other hand is a required parameter that provides an additional tool for applications to implement additional security measurements by limiting the amount of time they'll process an Assertion past IssueInstant
Currently the way of retrieving
IssueInstanttime from the last assertion processedSAMLResponseis possible by (please correct me if there's an easier way): 1) Retrieving the XML string by callingauth.get_last_response_xml()2) Parsing the XML document from the XML string usingxml_utils.to_etree()3) Querying the last Assertion usingxml_utils.query()4) Parsing the SAML2 timestamp usingparse_SAML_to_time()Implementing
get_last_assertion_issue_instant()replaces the four calls above with one.Why retrieve
IssueInstant? There is an odd case where an IdP can send nonotOnOrAfterwithinConditionsorSubjectConfirmationDatain an Assertion, as these parameters are both optional.IssueInstanton the other hand is a required parameter that provides an additional tool for applications to implement additional security measurements by limiting the amount of time they'll process an Assertion pastIssueInstant